scholarly journals Ochrona danych osobowych i kierunki zmian w tej dziedzinie w prawie Unii Europejskiej

2014 ◽  
pp. 55-91
Author(s):  
Anastazja Gajda
Keyword(s):  
Data Protection ◽  
Personal Data ◽  
Fundamental Rights ◽  
The European Union ◽  
Effective Protection ◽  
Personal Data Protection ◽  
Policy Communication ◽  
Frame Work ◽  
Comprehensive Reform ◽  
The Eu

The paper concentrates on the protection of personal data in the European Union. The paper presents a comprehensive reform of the data protection frame‑ work, proposed by the European Commission in January 2012, including a policy Communication setting out the Commission’s objectives and two legislative pro‑ posals: a regulation setting out a general EU framework for data protection and a directive on protecting personal data processed for the purposes of prevention, detection, investigation or prosecution of criminal offences and related judicial activities. Both proposals concern the question of ensuring effective protection of fundamental rights. The analysis of the proposed legislation shows nevertheless that in this shape they do not lead to consistency and uniformity of the entire system of personal data protection in the EU. Significant differences in both proposals concern including different subject matter and material scope, effective protection of fundamental rights and the establishment of the hierarchy of the existing legal acts in this area.

scholarly journals Should Fundamental Rights to Privacy and Data Protection be a Part of the EU's International Trade ‘Deals’?

2017 ◽  
Vol 17 (3) ◽  
pp. 477-508 ◽  
Author(s):  
SVETLANA YAKOVLEVA
Keyword(s):  
International Trade ◽  
Data Protection ◽  
Personal Data ◽  
Trade Agreements ◽  
Two Dimensions ◽  
Fundamental Rights ◽  
International Trade Agreements ◽  
Personal Data Protection ◽  
Trade Deals ◽  
The Eu

AbstractThis article discusses ways in which the General Agreement on Trade in Services (GATS) and post-GATS free trade agreements may limit the EU's ability to regulate privacy and personal data protection as fundamental rights. After discussing this issue in two dimensions – the vertical relationship between trade and national and European Union (EU) law, and the horizontal relationship between trade and human rights law – the author concludes that these limits are real and pose serious risks.Inspired by recent developments in safeguarding labour, and environmental standards and sustainable development, the article argues that privacy and personal data protection should be part of, and protected by, international trade deals made by the EU. The EU should negotiate future international trade agreements with the objective of allowing them to reflect the normative foundations of privacy and personal data protection. This article suggests a specific way to achieve this objective.

scholarly journals SEARCH ENGINES IN COLOMBIA

2020 ◽  
Vol 12 (2) ◽  
pp. 1-13
Author(s):  
Sarah Osma Peralta
Keyword(s):  
Data Protection ◽  
Search Engines ◽  
Personal Data ◽  
Regulatory Framework ◽  
Fundamental Rights ◽  
Constitutional Court ◽  
The European Union ◽  
Online Search ◽  
Local Data ◽  
Personal Data Protection

Purpose ”“ Considering the relevance of personal data protection, this article focuses on the identification of the criteria used by Colombian Courts regarding the rights to access, modification and erasure personal data within the context of information made available through search engines. This framework will expose the different cases ruled by the Colombian Constitutional Court as it attempts to highlight which were the criteria used by the courts that brought them to rule that search engines are mere intermediaries between the content makers and data subjects. Finally, this study aims to contribute not only to the data protection legal literature in Colombia, but also, to improve the possibilities to effectively implement user´s rights of online search engines in Colombia. Methodology ”“In order to achieve the purpose of this research project, the following methodological strategies will be employed: (i) Legal-analytical study, by way of reviewing the Colombian regulatory framework in order to map out main rules regarding the fundamental rights to access, modification and erasure of personal data, and determining which ones are the aspects hindering the effective implementation of the rights; (ii) Legal-theoretical study, where it reviews the issues identified by legal scholars as hampering the implementation of data protection rights in general; (iii) Legal-empirical study that aims to raise awareness regarding the incidence of the activities carried out by search engines in the life of data subjects. Findings ”“ The Colombian Constitutional Court has seen search engines as mere intermediaries, meaning they do not have to rectify, correct, eliminate or complete the information listed in the results they provide. This approach demands that the Judiciary enforces the existence of a right to request the erasure of links and the need of procedures provided by them to do it effectively without erasing or altering the content of the website. This delisting process should not be arbitrary based on conditions that allow data subjects to ask the erasure of links associated with their names. In the European Union, the conditions to get those results delisted are inadequacy, irrelevance, or excessiveness in relation to the processing purposes. The current position of the Constitutional Court about the search engines role and their responsibilities has not protected the user’s fundamental rights to privacy, reputation, and honor. Therefore, a more committed study on behalf of the Court is required. Practical Implications ”“ In the Muebles Caquetá Case, the Court must point out the importance of the activities carried out by online search engines, and force them to face the implications of being a “controller” of the processing of personal data that takes place within their services. I suggest that the Court itself should draft clear delisting guidelines considering the opinions of a group of impartial experts, civil society representatives and the local Data Protection Authority. Originality ”“ Considering the implications posed by personal data and data mining, this article identifies the legal and regulatory framework surrounding those activities and in way contribute to create a data protection culture in Latin America, raise awareness regarding the incidence of search engines in the life of data rights holders, identify possible disconnections between the existent regulatory framework for personal data rights, and facilitate the cooperation between Courts and stakeholders of the telecommunication and media sectors, based on the common goal of fulfilling the public interests of ensuring data protection rights.

scholarly journals Personal Data Protection in New Zealand: Lessons for South Africa?

2017 ◽  
Vol 11 (4) ◽  
pp. 61
Author(s):  
A Roos
Keyword(s):  
South Africa ◽  
New Zealand ◽  
South African ◽  
Data Protection ◽  
Personal Data ◽  
The European Union ◽  
Right To Privacy ◽  
Personal Data Protection ◽  
Eu Directive ◽  
The Eu

In 1995 the European Union adopted a Directive on data protection. Article 25 of this Directive compels all EU member countries to adopt data protection legislation and to prevent the transfer of personal data to non-EU member countries (“third countries”) that do not provide an adequate level of data protection. Article 25 results in the Directive having extra-territorial effect and exerting an influence in countries outside the EU. Like South Africa, New Zealand is a “third” country in terms of the EU Directive on data protection. New Zealand recognised the need for data protection and adopted a data protection Act over 15 years ago. The focus of this article is on the data protection provisions in New Zealand law with a view to establishing whether South Africa can learn any lessons from them. In general, it can be said that although New Zealand law does not expressly recognise a right to privacy, it has a data protection regime that functions well and that goes a long way to providing adequate data protection as required by the EU Directive on data protection. Nevertheless, the EU has not made a finding to that effect as yet. The New Zealand data protection act requires a couple of amendments before New Zealand might be adjudged ‘adequate’. South Africa’s protection of the right to privacy and identity is better developed and more extensive than that of New Zealand. Privacy is recognised and protected in the law of delict and by the South African Constitution. Despite South Africa’s apparently high regard for the individual’s right to privacy and identity and our well-developed common and constitutional law of privacy, South Africa does not meet the adequacy requirement of the EU Directive, because we do not have a data protection Act. This means that South African participants in the information technology arena are at a constant disadvantage. It is argued that South Africa should follow New Zealand’s example and adopt a data protection law as soon as possible.

scholarly journals DECONSTRUCTING DATA PROTECTION: THE ‘ADDED-VALUE’ OF A RIGHT TO DATA PROTECTION IN THE EU LEGAL ORDER

2014 ◽  
Vol 63 (3) ◽  
pp. 569-597 ◽  
Author(s):  
Orla Lynskey
Keyword(s):  
Data Protection ◽  
Personal Data ◽  
Fundamental Rights ◽  
Added Value ◽  
The European Union ◽  
Right To Privacy ◽  
The Right To Privacy ◽  
Individual Personality ◽  
The Right ◽  
The Eu

AbstractArticle 8 of the EU Charter of Fundamental Rights sets out a right to data protection which sits alongside, and in addition to, the established right to privacy in the Charter. The Charter's inclusion of an independent right to data protection differentiates it from other international human rights documents which treat data protection as a subset of the right to privacy. Its introduction and its relationship with the established right to privacy merit an explanation. This paper explores the relationship between the rights to data protection and privacy. It demonstrates that, to date, the Court of Justice of the European Union (CJEU) has consistently conflated the two rights. However, based on a comparison between the scope of the two rights as well as the protection they offer to individuals whose personal data are processed, it claims that the two rights are distinct. It argues that the right to data protection provides individuals with more rights over more types of data than the right to privacy. It suggests that the enhanced control over personal data provided by the right to data protection serves two purposes: first, it proactively promotes individual personality rights which are threatened by personal data processing and, second, it reduces the power and information asymmetries between individuals and those who process their data. For these reasons, this paper suggests that there ought to be explicit judicial recognition of the distinction between the two rights.

scholarly journals Privacy in the Era of Big Data: Unlocking the Blue Oceans of Data Paradigm in Malaysia

2021 ◽  
Vol 6 (5) ◽  
pp. 203-212
Author(s):  
Atiqah Azman ◽  
Nur Shaura Azrin Binti Azman ◽  
Nurul Sahira Binti Kamal Azwan ◽  
Sherie Aneesa Binti Johary Al Bakry ◽  
Wan Nur Afiqah Binti Wan Daud ◽  
...  
Keyword(s):  
Big Data ◽  
Data Protection ◽  
National Policy ◽  
Big Data Analytics ◽  
Personal Data ◽  
Business Environment ◽  
Fundamental Rights ◽  
The European Union ◽  
General Data Protection Regulation ◽  
Personal Data Protection

Big Data has revolutionized the process of online activities such as marketing and advertisement based on individual preferences in the eCommerce industry. In Malaysia, the integration of Big Data in the commercial and business environment is keenly felt by establishing the National Big Data Analytics Framework catalyzing further economic growth in all sectors. However, the distinct features of Big Data spawn issues relating to privacy, such as data profiling, lack of transparency regarding privacy policies, accidental disclosures of data, false data or false analytics results. Hence, this research provides an insight into the intersection between Big Data and an individual's fundamental rights. The trade-off between privacy breaching and preserving is becoming more intense due to the rapid advancement of Big Data. Suggesting comparative analysis method as the data analysis approach, the adequacy of the Malaysian Personal Data Protection Act 2010 (PDPA 2010) in governing the risks of Big Data is evaluated against the European Union General Data Protection Regulation (GDPR) in managing the risk arising from the integration of Big Data. This research is hoped to initiate the improvement to the legislative framework, provides fundamentals to the formulation of national policy, and creation of specific law on Big Data in Malaysia, which will subsequently benefit industrial players and stakeholders.

scholarly journals From Privacy to Data Protection in the eu: Implications for Big Data Health Research

2018 ◽  
Vol 25 (1) ◽  
pp. 43-55 ◽  
Author(s):  
Menno Mostert ◽  
Annelien L. Bredenoord ◽  
Bart van der Slootb ◽  
Johannes J.M. van Delden
Keyword(s):  
Big Data ◽  
Data Protection ◽  
Health Research ◽  
Personal Data ◽  
Fundamental Rights ◽  
Comprehensive System ◽  
The European Union ◽  
Data Intensive ◽  
Personal Data Protection ◽  
The Right

Abstract The right to privacy has usually been considered as the most prominent fundamental right to protect in data-intensive (Big Data) health research. Within the European Union (eu), however, the right to data protection is gaining relevance as a separate fundamental right that should in particular be protected by data protection law. This paper discusses three differences between these two fundamental rights, which are relevant to data-intensive health research. Firstly, the rights based on the right to data protection are of a less context-sensitive nature and easier to enforce. Secondly, the positive obligation to protect personal data requires a more proactive approach by the eu and its Member States. Finally, it guarantees a more comprehensive system of personal data protection. In conclusion, we argue that a comprehensive system of data protection, including research-specific safeguards, is essential to compensate for the loss of individual control in data-intensive health research.

Legislative discourse of digital governance: a corpus-driven comparative study of laws in the European Union and China

2021 ◽  
Vol 0 (0) ◽  
Author(s):  
Siyue Li ◽  
Chunyu Kit
Keyword(s):  
European Union ◽  
Data Protection ◽  
Data Security ◽  
Personal Data ◽  
The European Union ◽  
Data Governance ◽  
Personal Data Protection ◽  
Cross Border ◽  
Digital Governance ◽  
The Eu

Abstract Based on the self-compiled corpora of the European Union and Chinese laws on data governance, this study adopts a corpus-driven approach to comparatively study the legislative design of the EU and China on digital governance, especially on key issues such as data protection, data processing and utilization, and cross-border data transfer. It is found through corpus analysis that the EU has developed a relatively comprehensive data protection system, which internally focuses on the protection of individual data rights and externally sets high standards on the cross-border transfer of data. Despite the data protection paradigm as it manifests, the EU is facing new challenges on data exportation, data jurisdiction in the competitive digital marketplace. Shared the same concern on the data protection legislation, Chinese data law has made significant progress in personal data protection with the nascent enactment of Data Security Law and Personal Data Protection Law. Notably, Chinese legislation features the hierarchal taxonomy of data under the principle of the national security exception, while it requires more legislative skills, flexible response mechanisms, and more subordinate laws to prevent future data security threats. Moreover, the corpus-driven method conducted in this study provides evidential insights for the comparative legal textual studies across jurisdictions.

scholarly journals ASSESSING THE IMPLICATIONS OF SCHREMS II FOR EU–US DATA FLOW

2021 ◽  
pp. 1-18
Author(s):  
Maria Helen Murphy
Keyword(s):  
European Union ◽  
Data Protection ◽  
Data Flow ◽  
Data Transfer ◽  
Personal Data ◽  
Fundamental Rights ◽  
Constant Flow ◽  
The European Union ◽  
Court Of Justice ◽  
The Eu

Abstract With the constant flow of data across jurisdictions, issues regarding conflicting laws and the protection of rights arise. This article considers the EU–US data transfer relationship in the aftermath of the decision in Data Protection Commissioner v Facebook Ireland and Maximillian Schrems where the Court of Justice of the European Union (CJEU) invalidated an EU–US data transfer agreement for the second time in just five years. This judgment continues the line of cases emphasising the high value the Court places on securing EU personal data in accordance with EU data protection standards and fundamental rights. This article assesses the implications of the ruling for the vulnerable EU–US data transfer relationship.

scholarly journals Data Protection Impact Assessment (DPIA) for Cloud-Based Health Organizations

2021 ◽  
Vol 13 (3) ◽  
pp. 66
Author(s):  
Dimitra Georgiou ◽  
Costas Lambrinoudakis
Keyword(s):  
Impact Assessment ◽  
Data Protection ◽  
Gap Analysis ◽  
Health Care Organization ◽  
Personal Data ◽  
Care Organization ◽  
The European Union ◽  
General Data Protection Regulation ◽  
Personal Data Protection ◽  
Compliance Level

The General Data Protection Regulation (GDPR) harmonizes personal data protection laws across the European Union, affecting all sectors including the healthcare industry. For processing operations that pose a high risk for data subjects, a Data Protection Impact Assessment (DPIA) is mandatory from May 2018. Taking into account the criticality of the process and the importance of its results, for the protection of the patients’ health data, as well as the complexity involved and the lack of past experience in applying such methodologies in healthcare environments, this paper presents the main steps of a DPIA study and provides guidelines on how to carry them out effectively. To this respect, the Privacy Impact Assessment, Commission Nationale de l’Informatique et des Libertés (PIA-CNIL) methodology has been employed, which is also compliant with the privacy impact assessment tasks described in ISO/IEC 29134:2017. The work presented in this paper focuses on the first two steps of the DPIA methodology and more specifically on the identification of the Purposes of Processing and of the data categories involved in each of them, as well as on the evaluation of the organization’s GDPR compliance level and of the gaps (Gap Analysis) that must be filled-in. The main contribution of this work is the identification of the main organizational and legal requirements that must be fulfilled by the health care organization. This research sets the legal grounds for data processing, according to the GDPR and is highly relevant to any processing of personal data, as it helps to structure the process, as well as be aware of data protection issues and the relevant legislation.

Sign in / Sign up

Export Citation Format

Share Document